aharvey Mon, 27 Sep 2010 07:08:04 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=303779
Log: Fix bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data). Bug: http://bugs.php.net/52929 (Assigned) Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/filter/logical_filters.c A php/php-src/branches/PHP_5_3/ext/filter/tests/bug52929.phpt U php/php-src/trunk/ext/filter/logical_filters.c A php/php-src/trunk/ext/filter/tests/bug52929.phpt Modified: php/php-src/branches/PHP_5_3/NEWS =================================================================== --- php/php-src/branches/PHP_5_3/NEWS 2010-09-27 03:21:39 UTC (rev 303778) +++ php/php-src/branches/PHP_5_3/NEWS 2010-09-27 07:08:04 UTC (rev 303779) @@ -21,6 +21,8 @@ - Fixed possible crash in mssql_fetch_batch(). (Kalle) - Fixed inconsistent backlog default value (-1) in FPM on many systems. (fat) +- Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with + large amount of data). (Adam) - Fixed bug #52926 (zlib fopen wrapper does not use context). (Gustavo) - Fixed bug #52891 (Wrong data inserted with mysqli/mysqlnd when using mysqli_stmt_bind_param and value> PHP_INT_MAX). (Andrey) Modified: php/php-src/branches/PHP_5_3/ext/filter/logical_filters.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/filter/logical_filters.c 2010-09-27 03:21:39 UTC (rev 303778) +++ php/php-src/branches/PHP_5_3/ext/filter/logical_filters.c 2010-09-27 07:08:04 UTC (rev 303779) @@ -531,6 +531,11 @@ int matches; + /* The maximum length of an e-mail address is 320 octets, per RFC 2821. */ + if (Z_STRLEN_P(value) > 320) { + RETURN_VALIDATION_FAILED + } + re = pcre_get_compiled_regex((char *)regexp, &pcre_extra, &preg_options TSRMLS_CC); if (!re) { RETURN_VALIDATION_FAILED Added: php/php-src/branches/PHP_5_3/ext/filter/tests/bug52929.phpt =================================================================== --- php/php-src/branches/PHP_5_3/ext/filter/tests/bug52929.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/filter/tests/bug52929.phpt 2010-09-27 07:08:04 UTC (rev 303779) @@ -0,0 +1,18 @@ +--TEST-- +Bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> +--FILE-- +<?php +var_dump(filter_var('va...@email.address', FILTER_VALIDATE_EMAIL)); + +// Beyond the allowable limit for an e-mail address. +var_dump(filter_var('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...@yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy.zz', FILTER_VALIDATE_EMAIL)); + +// An invalid address likely to crash PHP due to stack exhaustion if it goes to +// the validation regex. +var_dump(filter_var(str_repeat('x', 8000), FILTER_VALIDATE_EMAIL)); +--EXPECT-- +string(19) "va...@email.address" +bool(false) +bool(false) Modified: php/php-src/trunk/ext/filter/logical_filters.c =================================================================== --- php/php-src/trunk/ext/filter/logical_filters.c 2010-09-27 03:21:39 UTC (rev 303778) +++ php/php-src/trunk/ext/filter/logical_filters.c 2010-09-27 07:08:04 UTC (rev 303779) @@ -531,6 +531,11 @@ int matches; + /* The maximum length of an e-mail address is 320 octets, per RFC 2821. */ + if (Z_STRLEN_P(value) > 320) { + RETURN_VALIDATION_FAILED + } + re = pcre_get_compiled_regex((char *)regexp, &pcre_extra, &preg_options TSRMLS_CC); if (!re) { RETURN_VALIDATION_FAILED Added: php/php-src/trunk/ext/filter/tests/bug52929.phpt =================================================================== --- php/php-src/trunk/ext/filter/tests/bug52929.phpt (rev 0) +++ php/php-src/trunk/ext/filter/tests/bug52929.phpt 2010-09-27 07:08:04 UTC (rev 303779) @@ -0,0 +1,18 @@ +--TEST-- +Bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> +--FILE-- +<?php +var_dump(filter_var('va...@email.address', FILTER_VALIDATE_EMAIL)); + +// Beyond the allowable limit for an e-mail address. +var_dump(filter_var('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...@yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy.zz', FILTER_VALIDATE_EMAIL)); + +// An invalid address likely to crash PHP due to stack exhaustion if it goes to +// the validation regex. +var_dump(filter_var(str_repeat('x', 8000), FILTER_VALIDATE_EMAIL)); +--EXPECT-- +string(19) "va...@email.address" +bool(false) +bool(false)
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php